Your submission was sent successfully! Close

CVE-2011-1167

Published: 28 March 2011

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Priority

Medium

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
dapper
Released (3.7.4-1ubuntu3.11)
hardy
Released (3.8.2-7ubuntu3.9)
karmic
Released (3.8.2-13ubuntu0.6)
lucid
Released (3.9.2-2ubuntu0.6)
maverick
Released (3.9.4-2ubuntu0.3)
upstream Needs triage

Patches:
upstream: http://bugzilla.maptools.org/show_bug.cgi?id=2300